Lucene search
K

11 matches found

CVE
CVE
added 2025/04/04 9:52 a.m.106 views

CVE-2025-2244

CVE-2025-2244 affects Bitdefender GravityZone Console, via the vulnerable sendMailFromRemoteSource method in Emails.php that unserializes user input without validation. This enables PHP object injection, leading to a file write and arbitrary command execution on the host, per multiple sources. In...

9.8CVSS7.1AI score0.0103EPSS
CVE
CVE
added 2022/04/07 6:21 p.m.98 views

CVE-2022-0677

CVE-2022-0677 is an instance of an improper handling of length parameter inconsistency vulnerability in the Update Server component of Bitdefender Endpoint Security Tools (in relay) and GravityZone (in Update Server). The issue allows a remote attacker to cause a Denial-of-Service. Affected produ...

7.5CVSS7.4AI score0.01229EPSS
CVE
CVE
added 2024/06/06 7:59 a.m.83 views

CVE-2024-4177

The CVE-2024-4177 issue affects Bitdefender GravityZone Update Server (on‑premise) with GravityZone Console versions prior to 6.38.1-2. The root cause is a host whitelist parser in the proxy service, enabling server-side request forgery (SSRF). Impact is high/critical per sources, with network at...

9.8CVSS8AI score0.00431EPSS
CVE
CVE
added 2025/04/04 9:53 a.m.64 views

CVE-2025-2243

Bitdefender GravityZone Console (GravityZone Console) is affected by CVE-2025-2243, an SSRF vulnerability where an attacker may bypass input validation by using leading characters in DNS requests. The issue affects GravityZone Console versions before 6.41.2.1. Root cause: flawed input validation ...

7.3CVSS6.7AI score0.00369EPSS
CVE
CVE
added 2022/09/05 11:55 a.m.63 views

CVE-2022-2830

CVE-2022-2830 describes a Deserialization of Untrusted Data vulnerability in Bitdefender GravityZone Console’s message processing component. Affected: GravityZone Console On-Premise < 6.29.2-1 and GravityZone Cloud Console

9.8CVSS9.3AI score0.00792EPSS
CVE
CVE
added 2024/07/31 6:58 a.m.58 views

CVE-2024-6980

The CVE-2024-6980 entry concerns Bitdefender GravityZone: GravityZone Console on-premises prior to 6.38.1-5, where a verbose error handling issue in the Update Server proxy service enables server-side request forgery (SSRF). The vulnerability affects the proxy component (GravityZone Update Server...

9.8CVSS6.4AI score0.00555EPSS
CVE
CVE
added 2021/12/16 2:40 p.m.52 views

CVE-2021-3960

In Bitdefender GravityZone, CVE-2021-3960 describes a Path Traversal in the UpdateServer component that can allow arbitrary code execution on affected instances. Affected versions are GravityZone prior to 3.3.8.272. Several records also reference a related Privilege Escalation via the UpdateServe...

7.8CVSS7.5AI score0.00309EPSS
CVE
CVE
added 2021/11/24 2:45 p.m.50 views

CVE-2021-3554

CVE-2021-3554 describes an improper access control in the patchesUpdate API of Bitdefender Endpoint Security Tools for Linux, where a relay role can be abused to manipulate the remote address used to pull patches. Affected are Bitdefender Endpoint Security Tools for Linux versions before 6.6.27.3...

10CVSS9.2AI score0.02682EPSS
CVE
CVE
added 2021/10/28 1:55 p.m.47 views

CVE-2021-3823

CVE-2021-3823 is a path-traversal vulnerability in Bitdefender GravityZone UpdateServer (relay mode) that allows arbitrary code execution on vulnerable instances. Affected: Bitdefender GravityZone prior to version 3.3.8.249. Root cause: improper limitation of a pathname to a restricted directory ...

9.8CVSS8.6AI score0.01029EPSS
CVE
CVE
added 2021/12/16 2:35 p.m.46 views

CVE-2021-3959

CVE-2021-3959 describes a Server-Side Request Forgery (SSRF) in the EPPUpdateService of Bitdefender GravityZone. Affected: GravityZone versions prior to 3.3.8.272. The vulnerability allows a proxy of requests to the relay server. The available references indicate no explicit exploit details or in...

7.5CVSS7AI score0.01688EPSS
CVE
CVE
added 2018/10/30 7:0 p.m.42 views

CVE-2017-8931

The CVE-2017-8931 entry affects the Bitdefender GravityZone VMware appliance prior to version 6.2.1-35, where an attacker could gain root privileges via unspecified vectors. The NVD entry lists a CVSSv3 base score of 9.8 (CRITICAL) with network attack vector and privileges required: none. Connect...

10CVSS9.4AI score0.01518EPSS